/*
conf.c -- configuration code
Copyright (C) 1998 Robert van der Meulen
- 1998-2003 Ivo Timmermans <ivo@o2w.nl>
- 2000-2003 Guus Sliepen <guus@sliepen.eu.org>
- 2000 Cris van Pelt <tribbel@arise.dhs.org>
+ 1998-2005 Ivo Timmermans
+ 2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+ 2010-2011 Julien Muchembled <jm@jmuchemb.eu>
+ 2000 Cris van Pelt
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- $Id: conf.c,v 1.9.4.70 2003/08/02 15:27:24 guus Exp $
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "system.h"
#include "avl_tree.h"
+#include "connection.h"
#include "conf.h"
+#include "list.h"
#include "logger.h"
#include "netutl.h" /* for str2address */
+#include "protocol.h"
#include "utils.h" /* for cp */
#include "xalloc.h"
avl_tree_t *config_tree;
-int pingtimeout = 0; /* seconds before timeout */
+int pinginterval = 0; /* seconds between pings */
+int pingtimeout = 0; /* seconds to wait for response */
char *confbase = NULL; /* directory in which all config files are */
char *netname = NULL; /* name of the vpn network */
+list_t *cmdline_conf = NULL; /* global/host configuration values given at the command line */
+
-static int config_compare(const config_t *a, const config_t *b)
-{
+static int config_compare(const config_t *a, const config_t *b) {
int result;
result = strcasecmp(a->variable, b->variable);
if(result)
return result;
+ /* give priority to command line options */
+ result = !b->file - !a->file;
+ if (result)
+ return result;
+
result = a->line - b->line;
if(result)
return result;
else
- return strcmp(a->file, b->file);
+ return a->file ? strcmp(a->file, b->file) : 0;
}
-void init_configuration(avl_tree_t ** config_tree)
-{
- cp();
-
+void init_configuration(avl_tree_t ** config_tree) {
*config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config);
}
-void exit_configuration(avl_tree_t ** config_tree)
-{
- cp();
-
+void exit_configuration(avl_tree_t ** config_tree) {
avl_delete_tree(*config_tree);
*config_tree = NULL;
}
-config_t *new_config(void)
-{
- cp();
-
- return (config_t *) xmalloc_and_zero(sizeof(config_t));
+config_t *new_config(void) {
+ return xmalloc_and_zero(sizeof(config_t));
}
-void free_config(config_t *cfg)
-{
- cp();
-
+void free_config(config_t *cfg) {
if(cfg->variable)
free(cfg->variable);
free(cfg);
}
-void config_add(avl_tree_t *config_tree, config_t *cfg)
-{
- cp();
-
+void config_add(avl_tree_t *config_tree, config_t *cfg) {
avl_insert(config_tree, cfg);
}
-config_t *lookup_config(const avl_tree_t *config_tree, char *variable)
-{
+config_t *lookup_config(const avl_tree_t *config_tree, char *variable) {
config_t cfg, *found;
- cp();
-
cfg.variable = variable;
- cfg.file = "";
+ cfg.file = NULL;
cfg.line = 0;
found = avl_search_closest_greater(config_tree, &cfg);
return found;
}
-config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg)
-{
+config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) {
avl_node_t *node;
config_t *found;
- cp();
-
node = avl_search_node(config_tree, cfg);
if(node) {
if(node->next) {
- found = (config_t *) node->next->data;
+ found = node->next->data;
if(!strcasecmp(found->variable, cfg->variable))
return found;
return NULL;
}
-bool get_config_bool(const config_t *cfg, bool *result)
-{
- cp();
-
+bool get_config_bool(const config_t *cfg, bool *result) {
if(!cfg)
return false;
return true;
}
- logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"),
+ logger(LOG_ERR, "\"yes\" or \"no\" expected for configuration variable %s in %s line %d",
cfg->variable, cfg->file, cfg->line);
return false;
}
-bool get_config_int(const config_t *cfg, int *result)
-{
- cp();
-
+bool get_config_int(const config_t *cfg, int *result) {
if(!cfg)
return false;
if(sscanf(cfg->value, "%d", result) == 1)
return true;
- logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"),
+ logger(LOG_ERR, "Integer expected for configuration variable %s in %s line %d",
cfg->variable, cfg->file, cfg->line);
return false;
}
-bool get_config_string(const config_t *cfg, char **result)
-{
- cp();
-
+bool get_config_string(const config_t *cfg, char **result) {
if(!cfg)
return false;
return true;
}
-bool get_config_address(const config_t *cfg, struct addrinfo **result)
-{
+bool get_config_address(const config_t *cfg, struct addrinfo **result) {
struct addrinfo *ai;
- cp();
-
if(!cfg)
return false;
return true;
}
- logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"),
+ logger(LOG_ERR, "Hostname or IP address expected for configuration variable %s in %s line %d",
cfg->variable, cfg->file, cfg->line);
return false;
}
-bool get_config_subnet(const config_t *cfg, subnet_t ** result)
-{
- subnet_t *subnet;
-
- cp();
+bool get_config_subnet(const config_t *cfg, subnet_t ** result) {
+ subnet_t subnet = {NULL};
if(!cfg)
return false;
- subnet = str2net(cfg->value);
-
- if(!subnet) {
- logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"),
+ if(!str2net(&subnet, cfg->value)) {
+ logger(LOG_ERR, "Subnet expected for configuration variable %s in %s line %d",
cfg->variable, cfg->file, cfg->line);
return false;
}
/* Teach newbies what subnets are... */
- if(((subnet->type == SUBNET_IPV4)
- && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t)))
- || ((subnet->type == SUBNET_IPV6)
- && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) {
- logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"),
+ if(((subnet.type == SUBNET_IPV4)
+ && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)))
+ || ((subnet.type == SUBNET_IPV6)
+ && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) {
+ logger(LOG_ERR, "Network address and prefix length do not match for configuration variable %s in %s line %d",
cfg->variable, cfg->file, cfg->line);
- free(subnet);
return false;
}
- *result = subnet;
+ *(*result = new_subnet()) = subnet;
return true;
}
/*
- Read exactly one line and strip the trailing newline if any. If the
- file was on EOF, return NULL. Otherwise, return all the data in a
- dynamically allocated buffer.
-
- If line is non-NULL, it will be used as an initial buffer, to avoid
- unnecessary mallocing each time this function is called. If buf is
- given, and buf needs to be expanded, the var pointed to by buflen
- will be increased.
+ Read exactly one line and strip the trailing newline if any.
*/
-static char *readline(FILE * fp, char **buf, size_t *buflen)
-{
+static char *readline(FILE * fp, char *buf, size_t buflen) {
char *newline = NULL;
char *p;
- char *line; /* The array that contains everything that has been read so far */
- char *idx; /* Read into this pointer, which points to an offset within line */
- size_t size, newsize; /* The size of the current array pointed to by line */
- size_t maxlen; /* Maximum number of characters that may be read with fgets. This is newsize - oldsize. */
if(feof(fp))
return NULL;
- if(buf && buflen) {
- size = *buflen;
- line = *buf;
- } else {
- size = 100;
- line = xmalloc(size);
- }
+ p = fgets(buf, buflen, fp);
- maxlen = size;
- idx = line;
- *idx = 0;
+ if(!p)
+ return NULL;
- for(;;) {
- errno = 0;
- p = fgets(idx, maxlen, fp);
+ newline = strchr(p, '\n');
- if(!p) { /* EOF or error */
- if(feof(fp))
- break;
+ if(!newline)
+ return buf;
- /* otherwise: error; let the calling function print an error message if applicable */
- free(line);
- return NULL;
- }
+ *newline = '\0'; /* kill newline */
+ if(newline > p && newline[-1] == '\r') /* and carriage return if necessary */
+ newline[-1] = '\0';
- newline = strchr(p, '\n');
+ return buf;
+}
- if(!newline) { /* We haven't yet read everything to the end of the line */
- newsize = size << 1;
- line = xrealloc(line, newsize);
- idx = &line[size - 1];
- maxlen = newsize - size + 1;
- size = newsize;
- } else {
- *newline = '\0'; /* kill newline */
- break; /* yay */
- }
+config_t *parse_config_line(char *line, const char *fname, int lineno) {
+ config_t *cfg;
+ int len;
+ char *variable, *value, *eol;
+ variable = value = line;
+
+ eol = line + strlen(line);
+ while(strchr("\t ", *--eol))
+ *eol = '\0';
+
+ len = strcspn(value, "\t =");
+ value += len;
+ value += strspn(value, "\t ");
+ if(*value == '=') {
+ value++;
+ value += strspn(value, "\t ");
}
-
- if(buf && buflen) {
- *buflen = size;
- *buf = line;
+ variable[len] = '\0';
+
+ if(!*value) {
+ const char err[] = "No value for variable";
+ if (fname)
+ logger(LOG_ERR, "%s `%s' on line %d while reading config file %s",
+ err, variable, lineno, fname);
+ else
+ logger(LOG_ERR, "%s `%s' in command line option %d",
+ err, variable, lineno);
+ return NULL;
}
- return line;
+ cfg = new_config();
+ cfg->variable = xstrdup(variable);
+ cfg->value = xstrdup(value);
+ cfg->file = fname ? xstrdup(fname) : NULL;
+ cfg->line = lineno;
+
+ return cfg;
}
/*
Parse a configuration file and put the results in the configuration tree
starting at *base.
*/
-int read_config_file(avl_tree_t *config_tree, const char *fname)
-{
- int err = -2; /* Parse error */
+bool read_config_file(avl_tree_t *config_tree, const char *fname) {
FILE *fp;
- char *buffer, *line;
- char *variable, *value;
+ char buffer[MAX_STRING_SIZE];
+ char *line;
int lineno = 0;
- int len;
bool ignore = false;
config_t *cfg;
- size_t bufsize;
-
- cp();
+ bool result = false;
fp = fopen(fname, "r");
if(!fp) {
- logger(LOG_ERR, _("Cannot open config file %s: %s"), fname,
- strerror(errno));
- return -3;
+ logger(LOG_ERR, "Cannot open config file %s: %s", fname, strerror(errno));
+ return false;
}
- bufsize = 100;
- buffer = xmalloc(bufsize);
-
for(;;) {
- line = readline(fp, &buffer, &bufsize);
+ line = readline(fp, buffer, sizeof buffer);
if(!line) {
- err = -1;
- break;
- }
-
- if(feof(fp)) {
- err = 0;
+ if(feof(fp))
+ result = true;
break;
}
lineno++;
- if(*line == '#')
+ if(!*line || *line == '#')
continue;
if(ignore) {
- if(!strncmp(variable, "-----END", 8))
+ if(!strncmp(line, "-----END", 8))
ignore = false;
continue;
}
continue;
}
- variable = value = line;
-
- len = strcspn(value, "\t =");
- value += len;
- value += strspn(value, "\t ");
- if(*value == '=') {
- value++;
- value += strspn(value, "\t ");
- }
- variable[len] = '\0';
-
- if(!*value) {
- logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"),
- variable, lineno, fname);
+ cfg = parse_config_line(line, fname, lineno);
+ if (!cfg)
break;
- }
-
- logger(LOG_DEBUG, "%s=%s", variable, value);
- cfg = new_config();
- cfg->variable = xstrdup(variable);
- cfg->value = xstrdup(value);
- cfg->file = xstrdup(fname);
- cfg->line = lineno;
-
config_add(config_tree, cfg);
}
- free(buffer);
fclose(fp);
- return err;
+ return result;
}
-bool read_server_config()
-{
+void read_config_options(avl_tree_t *config_tree, const char *prefix) {
+ list_node_t *node, *next;
+ size_t prefix_len = prefix ? strlen(prefix) : 0;
+
+ for(node = cmdline_conf->tail; node; node = next) {
+ config_t *orig_cfg, *cfg = (config_t *)node->data;
+ next = node->prev;
+
+ if(!prefix) {
+ if(strchr(cfg->variable, '.'))
+ continue;
+ node->data = NULL;
+ list_unlink_node(cmdline_conf, node);
+ } else {
+ if(strncmp(prefix, cfg->variable, prefix_len) ||
+ cfg->variable[prefix_len] != '.')
+ continue;
+ /* Because host configuration is parsed again when
+ reconnecting, nodes must not be freed when a prefix
+ is given. */
+ orig_cfg = cfg;
+ cfg = new_config();
+ cfg->variable = xstrdup(orig_cfg->variable + prefix_len + 1);
+ cfg->value = xstrdup(orig_cfg->value);
+ cfg->file = NULL;
+ cfg->line = orig_cfg->line;
+ }
+ config_add(config_tree, cfg);
+ }
+}
+
+bool read_server_config(void) {
char *fname;
- int x;
+ bool x;
- cp();
+ read_config_options(config_tree, NULL);
- asprintf(&fname, "%s/tinc.conf", confbase);
+ xasprintf(&fname, "%s/tinc.conf", confbase);
x = read_config_file(config_tree, fname);
- if(x == -1) { /* System error: complain */
- logger(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno));
+ if(!x) { /* System error: complain */
+ logger(LOG_ERR, "Failed to read `%s': %s", fname, strerror(errno));
}
free(fname);
- return x == 0;
+ return x;
}
-bool is_safe_path(const char *file)
-{
-#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))
- char *p;
- const char *f;
- char x;
- struct stat s;
- char l[MAXBUFSIZE];
-
- if(*file != '/') {
- logger(LOG_ERR, _("`%s' is not an absolute path"), file);
- return false;
- }
+bool read_connection_config(connection_t *c) {
+ char *fname;
+ bool x;
- p = strrchr(file, '/');
+ read_config_options(c->config_tree, c->name);
- if(p == file) /* It's in the root */
- p++;
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ x = read_config_file(c->config_tree, fname);
+ free(fname);
- x = *p;
- *p = '\0';
+ return x;
+}
- f = file;
+static void disable_old_keys(const char *filename) {
+ char tmpfile[PATH_MAX] = "";
+ char buf[1024];
+ bool disabled = false;
+ FILE *r, *w;
-check1:
- if(lstat(f, &s) < 0) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
- }
+ r = fopen(filename, "r");
+ if(!r)
+ return;
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
- }
+ snprintf(tmpfile, sizeof tmpfile, "%s.tmp", filename);
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
+ w = fopen(tmpfile, "w");
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
+ while(fgets(buf, sizeof buf, r)) {
+ if(!strncmp(buf, "-----BEGIN RSA", 14)) {
+ buf[11] = 'O';
+ buf[12] = 'L';
+ buf[13] = 'D';
+ disabled = true;
+ }
+ else if(!strncmp(buf, "-----END RSA", 12)) {
+ buf[ 9] = 'O';
+ buf[10] = 'L';
+ buf[11] = 'D';
+ disabled = true;
+ }
+ if(w && fputs(buf, w) < 0) {
+ disabled = false;
+ break;
}
-
- f = l;
- goto check1;
- }
-
- *p = x;
- f = file;
-
-check2:
- if(lstat(f, &s) < 0 && errno != ENOENT) {
- logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
- return false;
}
- if(errno == ENOENT)
- return true;
+ if(w)
+ fclose(w);
+ fclose(r);
- if(s.st_uid != geteuid()) {
- logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"),
- f, s.st_uid, geteuid());
- return false;
+ if(!w && disabled) {
+ fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
+ return;
}
- if(S_ISLNK(s.st_mode)) {
- logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f);
-
- if(readlink(f, l, MAXBUFSIZE) < 0) {
- logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
- strerror(errno));
- return false;
+ if(disabled) {
+#ifdef HAVE_MINGW
+ // We cannot atomically replace files on Windows.
+ char bakfile[PATH_MAX] = "";
+ snprintf(bakfile, sizeof bakfile, "%s.bak", filename);
+ if(rename(filename, bakfile) || rename(tmpfile, filename)) {
+ rename(bakfile, filename);
+#else
+ if(rename(tmpfile, filename)) {
+#endif
+ fprintf(stderr, "Warning: old key(s) found, remove them by hand!\n");
+ } else {
+#ifdef HAVE_MINGW
+ unlink(bakfile);
+#endif
+ fprintf(stderr, "Warning: old key(s) found and disabled.\n");
}
-
- f = l;
- goto check2;
}
- if(s.st_mode & 0007) {
- /* Accessible by others */
- logger(LOG_ERR, _("`%s' has unsecure permissions"), f);
- return false;
- }
-#endif
-
- return true;
+ unlink(tmpfile);
}
-FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode)
-{
+FILE *ask_and_open(const char *filename, const char *what) {
FILE *r;
char *directory;
- char *fn;
+ char line[PATH_MAX];
+ const char *fn;
/* Check stdin and stdout */
if(!isatty(0) || !isatty(1)) {
/* Argh, they are running us from a script or something. Write
the files to the current directory and let them burn in hell
for ever. */
- fn = xstrdup(filename);
+ fn = filename;
} else {
/* Ask for a file and/or directory name. */
- fprintf(stdout, _("Please enter a file to save %s to [%s]: "),
+ fprintf(stdout, "Please enter a file to save %s to [%s]: ",
what, filename);
fflush(stdout);
- fn = readline(stdin, NULL, NULL);
+ fn = readline(stdin, line, sizeof line);
if(!fn) {
- fprintf(stderr, _("Error while reading stdin: %s\n"),
+ fprintf(stderr, "Error while reading stdin: %s\n",
strerror(errno));
return NULL;
}
if(!strlen(fn))
/* User just pressed enter. */
- fn = xstrdup(filename);
+ fn = filename;
}
- if(!strchr(fn, '/') || fn[0] != '/') {
+#ifdef HAVE_MINGW
+ if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) {
+#else
+ if(fn[0] != '/') {
+#endif
/* The directory is a relative path or a filename. */
char *p;
directory = get_current_dir_name();
- asprintf(&p, "%s/%s", directory, fn);
- free(fn);
+ xasprintf(&p, "%s/%s", directory, fn);
free(directory);
fn = p;
}
umask(0077); /* Disallow everything for group and other */
+ disable_old_keys(fn);
+
/* Open it first to keep the inode busy */
- r = fopen(fn, mode);
+ r = fopen(fn, "a");
if(!r) {
- fprintf(stderr, _("Error opening file `%s': %s\n"),
+ fprintf(stderr, "Error opening file `%s': %s\n",
fn, strerror(errno));
- free(fn);
return NULL;
}
- /* Then check the file for nasty attacks */
- if(safe) {
- if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */
- fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n"
- "I will not create or overwrite this file.\n"), fn);
- fclose(r);
- free(fn);
- return NULL;
- }
- }
-
- free(fn);
-
return r;
}
+
+